[OWASP-ESAPI] SafeRequests within SafeRequests
stewart_short at hotmail.com
Tue May 26 08:09:30 EDT 2009
Our web applications are based on WebLogic 8.1 page flows which is a technology built on top of struts. I have recently been looking at integrating OWASP ESAPI (v1.4) and one problem I noticed is that when processing involves a chain of actions, i.e. resulting in *.do requests, you end up with SafeRequests within SafeRequests, with one level for each action in the chain. Therefore, should the doFilter method in SafeHTTPFilter only create a new SafeRequest if the request passed in is not an instance of SafeRequest?
Beyond Hotmail — see what else you can do with Windows Live.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-ESAPI